Introduction to the BigQuery entity resolution framework

This document describes the architecture of the BigQuery entity resolution framework. Entity resolution is the ability to match records across shared data where no common identifier exists or to augment shared data using an identity service from a Google Cloud partner.

This document is intended for entity resolution end users (hereafter referred to as end users) and identity providers. For implementation details, see Configure and use entity resolution in BigQuery.

You can use BigQuery entity resolution for any data that is prepared before contributing data into a data clean room. Entity resolution is available in both the on-demand and capacity pricing models and in all BigQuery editions.

Benefits

As an end user, you can benefit from entity resolution in the following ways:

  • You can resolve entities in place without invoking data transfer fees because a subscriber or Google Cloud partner matches your data to their identity table and writes the match results to a dataset in your project.
  • You don't need to manage extract, transform, and load (ETL) jobs.

As an identity provider, you can benefit from entity resolution in the following ways:

  • You can offer entity resolution as a managed software as a service (SaaS) offering on Google Cloud Marketplace.
  • You can use your proprietary identity graphs and match logic without revealing them to users.

Architecture

BigQuery implements entity resolution by using remote function calls that activate entity resolution processes in an identity provider's environment. Your data does not need to be copied or moved during this process. The following diagram and explanation describe the workflow for entity resolution:

A diagram showing two main sections: an end-user project and an identity
provider project.

  1. The end user grants the identity provider's service account read access to their input dataset, and write access to their output dataset.
  2. The user calls the remote function that matches their input data with the provider's identity graph data. Matching parameters are passed to the provider with the remote function.
  3. The provider's service account reads the input dataset and processes it.
  4. The provider's service account writes the entity resolution results to the user's output dataset.

The following sections describe the end-user components and provider projects.

End-user components

End-user components include the following:

  • Remote function call: a call that runs a procedure defined and implemented by the identity provider. This call starts the entity resolution process.
  • Input dataset: the source dataset that contains the data to be matched. Optionally, the dataset can contain a metadata table with additional parameters. Providers specify schema requirements for input datasets.
  • Output dataset: the destination dataset where the provider stores the matched results as an output table. Optionally, the provider can write a job status table that contains entity resolution job details to this dataset. The output dataset can be the same as the input dataset.

Identity provider components

Identity provider components include the following:

  • Control plane: contains a BigQuery remote function that orchestrates the matching process. This function can be implemented as a Cloud Run job, or a Cloud Run function. The control plane can also contain other services, such as authentication and authorization.
  • Data plane: contains the identity graph dataset and the stored procedure that implements the provider matching logic. The stored procedure can be implemented as a SQL stored procedure or an Apache Spark stored procedure. The identity graph dataset contains the tables that the end-user data is matched against.

What's next